CVE-2025-6981

Sažetak

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3

Reference

https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.15
https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.10
https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.6
https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.3

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

15-07-2025 - 21:15

Objavljeno

15-07-2025 - 21:15